Overview

Malware is malicious software that is installed on an unknowing host. Malware that attempts network activity such as sending private data (passwords, credit card numbers, key strokes, or proprietary data) can be detected by the Botnet Traffic Filter when the malware starts a connection to a known bad IP address. The Botnet Traffic Filter checks incoming and outgoing connections against a dynamic database of known bad domain names and IP addresses (the blacklist), and then logs or blocks any suspicious activity.

Configuration

Enable DNS client on ASA

This steps is required to allow it to resolve the address of CSIO's updater service, so the dynamic filter update client to fetch updates.

This is traffic to or from an IP address that is considered to be malicious. This IP address can be either an IP address/network entry in the dynamic blacklist or administrator configured blacklist, or it can be a snooped IP address that was found in a DNS reply for a blacklisted domain.
Whitelist

Related show Commands

show dynamic-filter data
show dynamic-filter database find <string>
show dynamic-filter reports top botnet-sites
show dynamic-filter reports top infected-hosts
show dynamic-filter reports top botnet-ports